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THE MAILING DATE OF THIS COMMUNICATION. 
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DETAILED ACTION 

Response to Amendment 

Applicant has amended claims 2-8 and canceled claims 1,9-14, and 16-22, and added new 
claims 23-24. Therefore claims 2-8 and 23-24 are now pending. 

Response to Arguments 

1 . Applicant's arguments with respect to claims 2-8 and 23-24 have been considered but are 
moot in view of the new ground(s) of rejection. 

Specification 

2. The title of the invention is not descriptive. A new title is required that is clearly 
indicative of the invention to which the claims are directed. 

Claim Rejections -35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 3-4, 7, and 23-24 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
US. Patent No. 6,061,741 to Murphy, Jr. et al. in view of Johnson et al. (US Patent No. 

5,560,008). 
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Regarding claim 23, Murphy, Jr. et al. teaches a method of operating an authenticating 
server system for authenticating a user of a client application provided on a client terminal 
having no unique IP address via a data communications network, the server system being 
arranged to control access to a document stored on a resource server connected to said data 
communications network (Fig. la), said method comprising performing the following steps in 
said server system: receiving at the resource server a request for said document generated by said 
client application; evaluating at the resource server client-side persistent information 
accompanying said request including checking if the client-side persistent information contains 
an address token previously issued by the resource server which uniquely identifies the user 
(column 3, lines 22-25 and column 4, lines 4-7 and column 7, lines 60-67 ), and performing the 
following steps at the resource server: if no address token which uniquely identifies the user is 
contained in the client-side persistent information accompanying said request: generating an 
address token which uniquely identifies the user; transmitting the generated address token to the 
client application in a client- side persistent information packet so that an address token which 
uniquely identifies the user is generated and transmitted without prior receipt at the resource 
server of a previously issued address token which uniquely identifies the user; and storing said 
address token for the user (column 1, lines 57-62 and column 5, lines 41-49 and column 8, lines 
4-9); or ii) if an address token which uniquely identifies the user is contained in the client-side 
persistent information accompanying said request and the address token is an unvalidated 
address token: validating the address token using other authentication data received from the 
client terminal in said client-side persistent information and by reference to user authentication 
data already stored on said resource server; storing the validated address token for an 
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authenticated user and an access status of the authenticated user associated with the validated 
address token (column 2, lines 60-65 and column 5; lines 49-52); or iii) if an address token 
which uniquely identifies the user is contained in the client-side persistent information 
accompanying said request and the address token is a validated address token, using said 
validated address token to enable said resource server to validate said request for said document 
(column 1, lines 63-65 and column 5, lines 52). 

Murphy, Jr. et al. does not teach by checking if said stored access status for said user 
includes access to said document. Johnson et al. teaches iii) if an address token which uniquely 
identifies the user is contained in the client-side persistent information accompanying said 
request and the address token is a validated address token, using said validated address token to 
enable said resource server to validate said request for said document by checking if said stored 
access status for said user includes access to said document (column 4, lines 35-40, column' 10, 
line 62 through column 11, line 7, and column 12, lines 12-16). Therefore it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to fitrther modify 
the data communications system of Murphy, Jr. et al. by checking if said stored access status for 
said user includes access to said document because this step further creates another level of 
protection for accessing private documents. 

Referring to claim 3, Murphy, Jr. et al. in view of Johnson et al. teaches a method 
according to claim 23, wherein said authentication step comprises receiving said address token 
from said client terminal with said authentication data (column 2, lines 60-65 and column 5; lines 
49-52 of Murphy, Jr. et al.). 
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Regarding claim 4, Murphy, Jr. et al teaches a method according to claim 3 (column 2, 
lines 60-65 and column 5; lines 49-52). 

Murphy, Jr. et al. does not teach wherein a new address token is issued to said client 
terminal if said authentication data is invalid. Johnson et al. teaches wherein a new address token 
is issued to said client terminal if said authentication data is invalid (column 13, lines 32-36). 
Therefore it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to further modify the data communications system of Murphy, Jr. et al. by wherein a 
new address token is issued to said client terminal if said authentication data is invalid because 
this creates a periodic re- validation of users and therefore inhibits others from masquerading as a 
particular user. 

Regarding claim 7, Murphy, Jr. et al. teaches a method according to claim 23 (column 5, 
lines 41-52). 

Murphy, Jr. et al. does not teach of timing out said address token. Johnson et al. teaches 
of timing out of said address token of a terminal of a currently authenticated user if no document 
request is received from said client terminal for a predetermined period (column 6, lines 21-26). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to further modify the internet server access control and monitoring system of 
Murphy, Jr. et al. by timing out said address token because if a user were to forget to logout of a 
session another could use that workstation to access information that they are not authorized to 
view and the timing out of the address token lessens the chance of this happening therefore 
increasing the security of the system. 
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Regarding claim 24, Murphy, Jr. et al. in view of Johnson et al. teaches a method as 
claimed in claim 23, wherein step (ii) further comprises: transmitting said requested document to 
said client terminal along with a client-side persistent information packet containing the 
validated address token to the client terminal (column 2, lines 60-65 and column 5; lines 49-52 
of Murphy, Jr. et al.). 

3. Claim 2 rejected under 35 U.S.C. 103(a) as being unpatentable over US. Patent No. 
6,061 ,741 to Murphy, Jr. et al. in view of Johnson et al. as applied to claims 3-4, 7, and 23-24 
above, and further in view of Kirsch (US Patent No. 5,963,915). 

Regarding claim 2, Murphy, Jr. et al. in view of Johnson et al. teaches a method 
according to claim 23, wherein said address token is transmitted to said client terminal (column 
1, lines 57-62 and column 5, lines 41-49 and column 8, lines 4-9 of Murphy, Jr. et al.). 

Murphy, Jr. et al. in view of Johnson et al. does not teach the transmission of the address 
token in a cookie. Kirsch teaches that said address token is transmitted in a cookie to said user's 
client terminal (column 3, lines 14-16 and column 13, lines 11-13). Therefore, it would have 
been obvious to one having ordinary skill in the art at the time the invention was made to further 
modify the data communication system of Murphy, Jr. et al. in view of Johnson et al. by 
transmitting the address token in a cookie because it is a more secure manner of storage and 
transport of identification data. 

4. Claim 5-6 rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent No. 
6,061,741 to Murphy, Jr. et al. in view of Johnson et al. as applied to claims 3-4, 7, and 23-24 
above, and further in view of See et al. (US Patent No. 6,070,243). 
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Regarding claim 5, Murphy, Jr. et al. in view of Johnson et al. teaches a method 
according to claim 4 and an address token (column 2, line 42 and column 4, lines 4-7 of Murphy, 
Jr. et al ), and the reception of an invalid authenticator from said client terminal (column 5, lines 
20-23 of Murphy, Jr. et al). 

Murphy, Jr. et al. in view of Johnson et al. does not teach that the address token contains 
the number of times an invalid authenticator was received. See et al. teaches said address token 
comprises data indicating the number of times an invalid authenticator has been received from 
said user's client terminal (column 3, lines 23-25). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to further modify the data 
communication system of Murphy, Jr. et al. in view of Johnson et al. by having the address token 
contain the number of times an invalid authenticator was received because a user can be denied 
access if they submit multiple invalid authenticators thus providing the system with added 
security and access control. 

Referring to claim 6, Murphy, Jr. et al. in view of Johnson et al. teaches a method 
according to claim 5, and an address token (column 2, line 42 and column 4, lines 4-7 of 
Murphy, Jr. et al ), and the reception of an invalid authenticator from said client terminal 
(column 5, lines 20-23 of Murphy, Jr. et al.). 

Muiphy, Jr. et al. in view of Johnson et al. does not teach that the system will not issue 
address tokens to the user if an address token received from that user shows that a predetermined 
number of invalid authenticators have been received from the user. See et al. teaches said method 
comprising issuing no further address token to said client terminal if an address token received 
from said user's client terminal indicates that a predetermined number of invalid authenticators 



' Application/Control Number: 09/446,583 Page 8 

Art Unit: 2141 

have been received from said user's client terminal (column 6, lines 23-26). Therefore, it would 
have been obvious to one having ordinary skill in the art at the time the invention was made to 
further modify the data communication system of Muiphy, Jr. et al. in view of Johnson et al. by 
not issuing address tokens to the user if an address token received from that user shows that a 
predetermined number of invalid authenticators have been received from the user because this 
provides the system with added security and access control by not allowing unauthorized users 
access to server information. 

5. Claim 8 rejected under 35 U.S.C. 103(a) as being unpatentable over US. Patent No. 
6,061,741 to Murphy, Jr. et al. in view of Johnson et al. as applied to claims 3-4, 7, and 23-24 
above, and further in view of Levergood et al. (US Patent No. 5,708,780). 

Referring to claim 8, Murphy, Jr. et al. in view of Johnson et al. teaches a method 
according to claim 23 (column 5; lines 49-52 of Murphy, Jr. et al.). 

Muiphy, Jr. et al. in view of Johnson et al. does not teach authenticating said user for 
access to a plurality of Web servers located in the same Internet domain. Levergood et al. teaches 
comprising authenticating said user for access to a plurality of Web servers located in the same 
Internet domain (column 3, lines 66-67); and enabling each of said Web servers to validate 
document requests from the client terminal, which requests include said address token (column 
3, lines 44-45), by checking said status data on receipt of a document request (column 6, lines 
58-60). Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to further modify the data communication system of Murphy, Jr. et al. in 
view of Johnson et al. by authenticating said user for access to a plurality of Web servers located 
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in the same Internet domain because this creates a more efficient system by decreasing the 
processing time to re-authenticate a user on multiple servers within the same domain. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to April L Baugh whose telephone number is 703-305-53 1 7. The 
examiner can normally be reached on Monday-Friday 8:30am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Paul H. Kang can be reached on 703-308-6123. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Conclusion 



April L. Baugh 
Assistant Examiner 
ALB 




